Fortify 360's Static Application Security Testing (SAST) technology will be integrated with HP Application Security Center and HP Quality Center software solutions to give enterprise users increased visibility into application security across development, quality assurance and security operations.
"The combination of these technologies brings together development's security efforts with software quality and dynamic application security testing," said John M. Jack, CEO of Fortify Software. "Not only will customers benefit from increased visibility into the security of their software throughout its lifecycle, but they will be even better equipped to assess and manage the overall risk to their business while cutting the costs it takes to perform these tasks."
Recent studies show that data breaches and cyber attacks on the application layer continue to rise at an alarming rate, and the National Institute of Standards & Technology (NIST) notes that 92% of exploitable vulnerabilities are found in the software. As businesses strive to mitigate the risks posed by vulnerable software, mandates from organizations such as the Payment Card Industry (PCI) Security Standard Council make it imperative to address security through all phases of the software life cycle.
"Enterprise businesses can reduce security risks inherent in their software by bringing together their development, quality assurance and security operations groups," said Jonathan Rende, vice president and general manager, Business Technology Optimization Applications, Software and Solutions, HP. "Combining Fortify's leading static application security testing technology together with HP's market-leading quality and web application security solutions delivers unparalleled visibility across the application lifecycle."
Fortify and HP will first focus on integrating Fortify 360 static application security testing results into HP Assessment Management Platform (AMP) to give customers a real-time dashboard view of application security scanning efforts enterprise-wide. The collaboration also includes integration of Fortify 360 source code security results with HP Quality Center's defect management system. This will enable customers to seamlessly submit security issues detected by Fortify 360 source code analysis into HP Quality Center's defect management system so they can be managed like other software defects.
According to Joseph Feiman, VP and Gartner Fellow, "Conceptually, static tools test applications from the 'inside out,' whereas dynamic tools test applications from the 'outside in.' These techniques are complementary, and we believe that vendors have greater vision if they integrate static and dynamic testing to increase the breadth of application lifecycle coverage and the accuracy of vulnerability detection."
About Fortify Software, Inc.
Fortify(R)'s Software Security Assurance products and services protect companies from the threats posed by security vulnerabilities in business-critical software applications. Its software security suite - Fortify 360 - drives down costs and security risks by automating key processes of developing and deploying secure applications. Fortify Software's customers include government agencies and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners. More information is available at www.fortify.com or visit our blog.